Get Your Firefox 3.5.1

This is the first minor point release in the 3.5 series of Firefox. The main reason for this patch is a security flaw in the TraceMonkey JavaScript engine of the browser. We have “zbyte” to thank for the discovery of this flaw. This Firefox user reported that his browser kept on crashing each time he tried to type text in an input box on the site apport.ru. Zbyte sent this bug report in on July 9, and less than a month later, Firefox developers were able to find the reason for the bug AND send out a fix as well.

Anyhow, the TraceMonkey JavaScript engine is a huge development on Mozilla’s part. With the bug concerning the engine, however, Firefox users are left vulnerable to exploits. In fact, a malicious web site can take advantage of this bug and execute arbitrary code. The developers reacted quickly, though, with Firefox 3.5.1 as the result.

By the way, soon after the bug was fixed, news circulated that there is another bug. This is utterly believable – bugs abound anyway. In fact, researchers Berry-Byrne and Andrew Hayes discovered this bug in the “escape” function. The good news is that they strongly believe that this bug is not exploitable. That means that while those who encounter this bug just might be bugged about it (no pun intended), we are not in danger – security wise.

In any case, you might want to get the latest patch for Firefox, if you have not already.